Re: Given access to edit active directory
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Sat, 10 Jun 2006 08:42:27 -0400
If you let someone log into a domain controller then there is a good chance they can bypass any security you put into place. Have the local admins load the admin pack tools on their PCs and just delegate access to them to manage users.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
pbuzzby@xxxxxxxxx wrote:
Hi.
We are tighing up permission on our office network and want to remove
the admin permissions to a lot of server.
What i need to do is allow an Actiove directory group to login to the
domain controller and ONLY have access to the magae active directory
panel and then only allow them to add new users.
Is this possible?
Also is it possibale to alow this group to modify current group and
users permissions without them being allowed to assign anyone as a
domain admin?
Thanks in advance
- References:
- Given access to edit active directory
- From: pbuzzby
- Given access to edit active directory
- Prev by Date: Re: Reboot several DC's ?
- Next by Date: Re: Learning Active Directory? Any ideas?
- Previous by thread: Re: Given access to edit active directory
- Next by thread: Re: Given access to edit active directory
- Index(es):
Relevant Pages
|
